•• The MAILING DATE of this communication appears on the cover sheet with the correspondence address ••
Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 03 MONTH(S) OR THIRTY (30) DAYS,
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status

1) [X] Responsive to communication(s) filed on 19 July 2006.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1-9; 14-28 is/are pending in the application.
4a) Of the above claim(s) _____ is/are withdrawn from consideration.
5) [ ] Claim(s) _____ is/are allowed.
6) [X] Claim(s) 1-9; 14-28 is/are rejected.
7) [ ] Claim(s) _____ is/are objected to.
8) [ ] Claim(s) _____ are subject to restriction and/or election requirement.

Application Papers

9) [ ] The specification is objected to by the Examiner.
10) [X] The drawing(s) filed on 01/31/2001 is/are: a) [X] accepted or b) [ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:
1. [ ] Certified copies of the priority documents have been received.
2. [ ] Certified copies of the priority documents have been received in Application No. _____.
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.
DETAILED ACTION

1. This action is in response to the following communications: application filed 01/31/2001; amendment filed 07/19/2006. Claims 1-9 and 14-28 are pending.
Response to Arguments 

2. Applicant's arguments that Lang does not disclose a plurality of resources assigned to one of a plurality of security zones, wherein "resource" refers to any separately addressable entity in the network, are persuasive. The previous office action is withdrawn.

Since the prosecution is reopened, all other arguments are moot in view of the new ground(s) of rejection.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.
Claims 1-9 and 14-28 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jacobson (U.S. 5,548,649) in view of Wallent et al. (U.S. 6,366,912).

Regarding claim 1:

Jacobson discloses the invention substantially as claimed, including a method, which can be implemented in computer hardware or software code, for selectively allowing access to a plurality of resources in a network, the method comprising:

Receiving a request originated from a user of a multi-user system to transmit a message via the multi-user system over the network to one of the plurality of resources: Jacobson discloses a security method applied to communications between a local network that includes "security zone host devices", which are equivalent to "resources", and a remote network that includes "other security zone host devices", which are also equivalent to "resources"; wherein "the network local security bridge", which shares functionality with "a multi-user system", receives requests to transmit data packets and determines whether those requests are authorized to be transmitted to the desired security zone host device destinations based upon the source addresses and destination addresses included within the data packets: (abstract; column 1, lines 27-43; column 3, lines 9-18)

Each of the plurality of resources has been assigned to one of a plurality of security zones; identifying one of the plurality of security zones that is associated with the one of the plurality of resources: Jacobson discloses a method for grouping security zone host devices into a plurality of secure zones: (column 3, lines 42-67, 7-18; figure 1)

Determining if the user of the multi-user system is authorized access to the identified one of the plurality of security zones: Jacobson discloses that the network local security bridge includes an identification filter table which is used to identify whether the requested transmitted packet is authorized to access one of the security zone host devices: (column 7, lines 1-67; column 8, lines 1-48; column 15, lines 1-67)

Forwarding the message from the multi-user system over the network only if it is determined that the user is authorized access to the identified one of the plurality of security zones: Jacobson discloses a forwarder included within the network local security bridges which forwards an "authorized install/or view request", which is equivalent to "the message", to the desired security zone host device destination: (column 7, lines 1-67; column 8, lines 1-48; column 15, lines 1-67)

However, Jacobson does not explicitly disclose a level of security sensitivity of the resource.

In analogous art, Wallent discloses a method for grouping web servers into secure zones based on levels of security: (abstract; column 2, lines 36-49; column 3, lines 20-27)

Thus, it would have been obvious to a person of ordinary skill in the art at the time the invention was made to combine Wallent's idea of grouping servers into secure zones based on levels of security with Jacobson's system in order to provide an improved secure communication system; see (column 2, lines 37-49)

Regarding claims 14, 19 and 24:

These claims are rejected under the rationale of claim 1.

Regarding claim 25:
Jacobson discloses the invention substantially as claimed, including a system, which can be implemented in computer hardware or software code, for selectively allowing access to a plurality of resources in a network, the method comprising:

A data processing device, the data processing device connected to a first network that includes a plurality of networked resources: Jacobson discloses "a secure zone host device", which is equivalent to "a data processing device", connected to a network that includes a plurality of secure zones: (figure 1)

A first data structure that specifies at least one security zone from a plurality of security zones that is associated with each of the plurality of networked resources: Jacobson discloses "a remote secure zone Host ID table", which is equivalent to "a first data structure", used for grouping security zone host devices into a plurality of secure zones: (column 3, lines 42-67, 7-18; figure 9; figure 1)

A second data structure that specifies the respective security zones to which a plurality of users of the data processing device may have access: Jacobson discloses an "authorization table", which is equivalent to "a second data structure": (figure 12)

A plurality of workstations that are configured to execute applications on the data processing device: Jacobson discloses a method for grouping "the secure zones host devices such as file server, time share system, mainframes, personal computer... etc", which is equivalent to "data processing device". In Jacobson's system, the communications between "secure zones host devices", which also share functionality with "workstations", are authorized via the network local security bridge: (abstract; column 3, lines 10-19)
However, Jacobson does not explicitly disclose that each of the plurality of security zones represents a distinct level of security sensitivity.

In analogous art, Wallent discloses a method for grouping web servers into secure zones based on levels of security: (abstract; column 3, lines 20-27)

Thus, it would have been obvious to a person of ordinary skill in the art at the time the invention was made to combine Wallent's idea of grouping servers into secure zones based on levels of security with Jacobson's system in order to provide an improved secure communication system; see (column 2, lines 37-49)

Regarding claim 2:

Jacobson-Wallent discloses a method as discussed in claim 1, which includes a mainframe computer, and wherein the request originates on a workstation of the mainframe computer: Jacobson discloses that the secure zone host computer could be a mainframe computer: (column 3, lines 1-12)

Regarding claims 3-6 and 8:

These claims are rejected under the rationale of claim 1.

Regarding claim 7:

Jacobson-Wallent discloses a method as discussed in claim 1, in which the message forwarded over the network includes a first user identification associated with the multi-user system but does not include a second user identification associated with the user of the multi-user system: Jacobson discloses a method for searching a combination of the Protocol filter table, IP address filter table and identification table in order to determine the authorization for a user request; and if the source address/destination address does not exist in those tables, it will be added into those tables: (column 5, lines 1-67; column 6, lines 1-67)

Application/Control Number: 09/773,811
Art Unit: 2152

Regarding claim 9:

Jacobson-Wallent discloses a method as discussed in claim 1, in which the network is an Internet protocol network: Jacobson discloses an IP protocol filter table: (column 5, lines 1-67; column 6, lines 1-67)

Regarding claims 15-18, 20-23 and 28:

Jacobson-Wallent discloses a method as discussed in claims 14, 19 and 24, further comprising means for associating a security zone with each of the plurality of resources: Jacobson discloses a method for grouping security zone host devices into a plurality of secure zones. In the Jacobson system, the network local security bridge includes an identification filter table which is used to identify whether the requested transmitted packet is authorized to access one of the security zone host devices: (column 7, lines 1-67; column 8, lines 1-48; column 15, lines 1-67; column 3, lines 42-67, 7-18; figure 1)

Regarding claim 26:

Jacobson-Wallent discloses a method as discussed in claim 25, in which the first data structure comprises a mapping table that identifies the respective one of the plurality of security zones associated with each of the plurality of networked resources, wherein at least some of the entries in the mapping table are associated with multiple of the plurality of networked resources: Jacobson discloses a method for mapping a sequence of the IP protocol filter table, IP address filter table, identification table and authorization table in order to identify whether a user request is authorized to access a secure zone host device: (column 5, lines 1-67; column 6, lines 1-67)
Regarding claim 27:

Jacobson-Wallent discloses a method as discussed in claim 26, wherein entries in the mapping table include wildcard characters to specify multiple of the plurality of networked resources with a single entry in the mapping table: (Jacobson: figures 9-12)

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following patents and publications are cited to further show the state of the art with respect to "Methods, systems and computer program products for selectively allowing users of multi-user system access to network resources":

6,272,639; 6,792,474; 6,088,796; 6,321,334; 6,295,541

Conclusions 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Lan-Dai Thi Truong, whose telephone number is 571-272-7959. The examiner can normally be reached Monday-Friday from 8:30 am to 5:00 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Bunjob A. Jaroenchonwanit, can be reached at 571-272-3913. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 